TSA undergoes covert testing by three entities: The GAO, the DHS Inspector General and TSA’s own Office of Inspection. The recent GAO report focused on TSA’s covert testing procedures. During the course of the year long GAO review, the auditors examined all TSA covert test reports and recommendations, and had access to new policy or Standard Operating Procedure changes derived from the covert test recommendations. Many of the changes are in place today to further enhance the safety and security of the traveling public.

The report validated TSA’s covert testing program and included some recommendations. The recommendation that is causing confusion deals with the way TSA records test failures.

GAO recommended that TSA include a line item in our database for "failures." One would assume “failure” means someone missed an IED, but in fact the failure could be in how a rule is applied, how a technology functions in a specific airport, or how a procedure requires follow-up on an alarm. Because of the vast amount of qualitative information recorded by testers, they write more detailed explanations of failures in a written report instead of a line item in a database. We did, however, concur with the GAO recommendation and have now added a category to the data base on failures in addition to the more detailed reports we’ll continue to do.

The specific misperception we wanted to clear up is what we do with the test results. In some of the blog coverage I’ve seen, including the link mentioned above, some think we don’t do anything with the test results, which is far from the truth. These results are critical to closing security gaps in individual airports and throughout the entire aviation system. As soon as a covert test is completed in an airport, the findings are shared with the TSA leadership there, noting areas for improvement, whether it be in the application of Standard Operating Procedures, use of technology or other areas. The testers also meet with Transportation Security Officers after the testing is completed to show them where mistakes were made and offer suggestions to immediately close any security gap.

After the airport staff is briefed, the testers conduct a briefing to TSA senior staff to show them the failures and recommendations. Information is shared with the Office of Security Operations, which oversees TSA operations at airports nationwide. This gives headquarters an opportunity to look at results at one airport to see if there are implications for the whole aviation network. As needed, Standard Operating Procedures and training could be changed, technology is tweaked, and processes can be changed at the national level based on covert tests.

Bottom line: we take these results – and the results of GAO and the DHS Inspector General - very seriously and TSA constantly uses them to improve security.

44 comments:

Before we move on, though, many of us have repeatedly asked, and are still awaiting a response to the following question:

Where has TSA published a list of all the rules and regulations that TSA will subject someone to if that person wishes to cross a U.S. Government checkpoint at an airport en route to the gate from which his domestic flight will depart, not including laws that the person is required to abide by outside of the airport checkpoint (i.e., just those rules and regulations that apply only at the checkpoint). Please provide a URL or name of the government publication.

That doesn't mean the entire "guidelines for travelers" page, it doesn't mean the entire TSA Web site, it doesn't mean the entire U.S. Government Web, and it doesn't mean the whole Internet -- just a list of the rules TSA imposes on travelers at a U.S. Government airport checkpoint. Can't someone at TSA point us to a list of all the rules we are required to follow if we want to travel within the United States without restriction from our government? How can we be expected to follow the rules if we cannot read them? Are we expected to simply guess based on all the information we are able to gather, then wait for some security guard to tell us whether we guessed correctly or not?

"A Government Accountability Office report obtained by USA TODAY says Transportation Security Administration inspectors posing as passengers do not record why individual screeners failed to spot weapons. The TSA ran 20,000 covert tests at the USA's 450 commercial airports from 2002 to 2007, and the results ought to be used to improve screening, the report says.

[...]

"Results of the covert tests are classified, but recent reports made public have alarmed lawmakers. A November GAO report said investigators repeatedly smuggled liquid explosives and detonators past airport checkpoints in 2006. An internal TSA report said screeners in Los Angeles and Chicago airports missed fake bombs on agents in more than 60% of tests in 2006.

"TSA spokeswoman Ellen Howe said the tests have prompted new technologies, such as the installation of machines that peer under passengers' clothing to spot weapons that metal detectors might miss. The TSA has also deployed hundreds of new X-ray machines that are better at spotting weapons in carry-on bags.

"`Certainly we have used what we've learned over the years to improve security,' Howe said.

"The GAO said the TSA did not list reasons for test failures in an agency database. "The agency is not fully using the results of these tests" to close security holes, the GAO said."

Is there a reason why you don't discuss the high failure rates and what's being done to bring them down, other than "we're looking at being able to explain the failure in such a way that it won't count against us"?

Hmm, before I read this article, I thought that what you do when you get reports on specific problems is add another "layer of security" like Checkpoint Friendly Bags or a Mood Altering Checkpoint and send Kip to the Hill to defend TSA's Holistic Security Model that allows any number of layers to fail and still not be perceived as a failure.

from Phil:Can't someone at TSA point us to a list of all the rules we are required to follow if we want to travel within the United States without restriction from our government?

The answer is NO! There is not a single "list" that will show you what you want. You have been given an answer to your question many times; it just is not the answer you want. Your constant refusal to realize this makes you sound like a whiny, spoiled 5 year old who is not getting their way.

I quit reading anything by Trolkiller because of this same reason and will now skip over any of your posts. And just in case you missed it the first time, there is not a "single" list of the rules.

Absolutely intolerable. The individual involved should be decertified as a TSO immediately, and AA should take the TSA to federal court to claim every last dime lost plus punitive damages for TSA's gross incompetence/negligence. Yes, TSA (and not just the employee) needs to be held accountable for their mismanagment and poor training practices that allow for incidents like this. IMO, TSA officers are not qualified to be on the flightline anywhere near an aircraft, and certainly not qualified to touch an aircraft in any form or fashon. TSA is putting your life and mine in jeopardy, and there needs to be no less than a congressional investigation into what happened and to put a stop to this nonsense. There must be a place for logic in airport security. Please, stick to screening passengers/cargo and stay off the ramp!

On August 19 a Transportation Security Inspector (TSI) was conducting a routine compliance inspection on aircraft parked on the airfield at Chicago’s O’Hare Airport (ORD). The TSI inspected nine American Eagle aircraft to look for and test, among other things, access vulnerabilities or areas were someone with ill intent could gain access to the aircraft.

Aircraft operators are required to secure each aircraft when left unattended.

The TSIs are encouraged to look for and follow through on vulnerabilities. During the inspection process at ORD the Inspector used a Total Air Temperature (TAT) probe – a probe that protrudes from the side of the aircraft that is used to measure outside air temperature – to pull himself up while investigating possible access vulnerabilities with the unattended aircraft.

The Inspector was following through on regulatory inspection activity. The Inspector was able to gain access to the interior of seven of the nine aircraft inspected, which is an apparent violation of the airline’s security program. TSA is reviewing the inspection results and depending on the conclusion, could take action with the airline, up to and including levying of civil penalties.

While the inspection process is a vital layer of aviation security, it is not TSA’s intent to cause delays or potential damage to aircraft as a result of our inspections. TSA took immediate steps to re-enforce education about sensitive equipment located on the exterior of a plane.

We are all well aware of how lax your flighline security is, especially after an air-hobo climbed in a parked airplane and fell asleep at Lambert Airport (STL) in May. If "aircraft operators are required to secure each aircraft when left unattended," perhaps they should hire private security guards to keep the TSIs away. Your inspector caused costly damage to aircraft and delayed flights. He did the terrorist's job for them. Then you have the gall to claim the inspector was "following through on regulatory inspection activity" and threaten the airline with "civil penalties."

Rather than being punished for damaging aircrat, which would probably be little more than a slap on the wrist. I bet the TSA will reward the inspector for discovering that TATs can be used to climb in to Embraer aircraft.

"Where has TSA published a list of all the rules and regulations that TSA will subject someone to if that person wishes to cross a U.S. Government checkpoint at an airport en route to the gate from which his domestic flight will depart, not including laws that the person is required to abide by outside of the airport checkpoint (i.e., just those rules and regulations that apply only at the checkpoint). Please provide a URL or name of the government publication."

I and others have asked this repeatedly, and no one from TSA has ever answered. The closest thing to an answer that came as a result was EOS Blogger Bob's referral to the "guidelines for travelers" page, which as asmanyotherpeoplesoonnoted, was not what we're asking for, as that information is incomplete, internally inconsistent, and not an authoritative source for the rules we are required to follow. (Note: You'll have to load the main page for that post first if those links don't work. There's something wrong with TSA's blogger.com setup.)

"The answer is NO! There is not a single "list" that will show you what you want. You have been given an answer to your question many times; it just is not the answer you want."

If the answer is, indeed, "no, we, the TSA, will not show you a list of the rules you must follow in order to avoid having us restrict your right to travel", then I want to see it in writing from the TSA so I can pass it on to my Congressional representatives. If we're going to require people to follow rules that they are not allowed to read, then let's get it out in the open.

The anonymous commenter continued:

"You have been given an answer to your question many times; it just is not the answer you want."

If the question has been answered, then I and others have missed it. Please direct us to the place where it was answered. I don't want any particular answer. I just want to see the rules I am required by law to follow when I, a law-abiding citizen, am walking through an airport on the way to a flight, and am stopped at a U.S. Government checkpoint. Is that so much to ask? Remember, this is rather new. There was a time when you had to go to the Soviet Union to find government agents stopping innocent people to search and interrogate them.

Why are so many people comfortable just guessing at what is required of them? Don't you want to make sure you are in compliance with the rules so that you may legally travel within your own country?

Quote from an Anonymous yet Disgruntled TSO: The answer is NO! There is not a single "list" that will show you what you want. You have been given an answer to your question many times; it just is not the answer you want. Your constant refusal to realize this makes you sound like a whiny, spoiled 5 year old who is not getting their way.

And why can't there be? Kippie's asking us to follow the rules and people are asking where those rules are. What's so hard about giving the information all in one place so people don't have to play treasure hunt for it?

You TSO's complain about people not knowing the rules but don't want to make it easy for people to find out.

I can easily find out what I need to do to get a passport, get a DL, apply for social security, and so forth. Why can't TSA do the same?

If it can't do something simple like this, it makes me question how much bigger things are being messed up.

Additionally, ad hominem attacks don't help your cause. Attitudes like this only serve to illustrate the points critics make about TSA. You're acting exactly like what you're accusing Phil of doing.

I quit reading anything by Trolkiller because of this samereason and will now skip over any of your posts.

This blog is about dialogue, right? TSA isn't providing dialogue that was promised. The only answers people have been getting are from low level (no offense intended) TSO's who are providing conflicting answers. TSA has official spokespeople here who are not doing what they promised, nor do they answer questions in a timely manner, if at all.

The reason people harp about things is so that we can get an OFFICIAL answer. TSO's who provide their opinions are helpful and appreciated (if they have something useful to say ... some do, some don't), but it doesn't do anything to solve the problem from an official stance. If anything, the conflicting information only muddles the issue more.

So since you're not reading some of these messages, I guess you didn't know that Trollkiller's discussion changed after Francine finally posted (it only took a few months to get that answer) and went on from there.

You're only hurting yourself if you don't read what people are saying. It also shows you're apt to make incorrect assumptions without all the facts ... something that's really scary for someone who's supposed to be making security decisions.

How can there even be a reasonable expectation that one can comply with the law when one is unable to know what CFR's or portions of the USC are invovked govern the actual procedures?

If one can utilize http://uscode.house.gov/search/criteria.shtml

to search US Codeand

http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&tpl=%2Findex.tpl

to search CFRs, why can one not do the same in order to have a better understand of one's one legal rights, and how to be able to recognize when an instruction given by a TSO has legal standing or not?

Ignorance of the law is not a successful defense in court, yet Americans can now be obligated to comply with legally-binding regulations that are unknown to them, and that indeed they are forbidden to know.

If you are really so interested in "security," why didn't give medals to -- instead of trying to prosecute -- Nathaniel Heatwole and Christopher Soghoian?

To answer your question. This is why those two needed to be prosecuted. Mr. Heatwole admitted to purposely smuggle prohibited items (box cutters just like the 9/11 attackers) and having possesion of bomb making materials especially in a airport is a BIG NO NO! You can use the excuse that he was testing the flaws in security all you want but unless he's conducting a study for a government agency, in regards to aiport security. What he did was not only wrong but stupid. In regards to the Doctoral student who set up a website to make fradualent boarding passes. I have no idea why you would condone his actions. Once again you can use the excuse all you want he was testing security flaws but what he did was still wrong and illegal. Let's just I had set up a website selling phony Law enforcement badges. Someone with bad intentions buys one of them and hurts someone or even worse. Sometimes, I really wonder if you or (one of the five or six regular posters) really think about what you write on this blog. For the record, they don't deserve medals, those men deserve to be prosecuted and ridiculed by their peers.

@"Sometimes, I really wonder if you or (one of the five or six regular posters) really think about what you write on this blog. For the record, they don't deserve medals, those men deserve to be prosecuted and ridiculed by their peers."

I'm one of the six or seven regular posters, but I've given up posting with my name since I've lost respect for this blogging process: Having a reputation here as one of the 5 or 6 regular posters gets your questions ignored as trolling.

Soghoian's "crime" was publishing a long-standing and still-existing security hole in TSAs ID checking layer of security: TSA trusts the potential terrorists to deliver a nominally important access credential to TSA.

As long as TSA depends on a note printed by a potential terrorist as an access credential, they deserve to be ridiculed by anyone who knows anything about security.

So why does TSA do it? TSA gets paid to provide Security Theatre, not security.

For the record, they don't deserve medals, those men deserve to be prosecuted and ridiculed by their peers.

there's no doubt it's "for the record".

But it doesn't change the fact that they were prosecuted for embarrassing the TSA by splashing proof of their incompetence across the front pages of the newspaper. It may have been "stupid" to expect anything better from a government agency, but it most certainly wasn't wrong.

But who are all these "anonymous" TSA cheerleaders anyway? Bob's alter ego? None of us believe that any pro-TSA comments are being left by anyone not on the TSA payroll. These comments are like 1980s letters to the editor at Pravda.

Quote from Anonymous: "To answer your question. This is why those two needed to be prosecuted. Mr. Heatwole admitted to purposely smuggle prohibited items (box cutters just like the 9/11 attackers) and having possesion of bomb making materials especially in a airport is a BIG NO NO! You can use the excuse that he was testing the flaws in security all you want but unless he's conducting a study for a government agency, in regards to aiport security. What he did was not only wrong but stupid. In regards to the Doctoral student who set up a website to make fradualent boarding passes. I have no idea why you would condone his actions. Once again you can use the excuse all you want he was testing security flaws but what he did was still wrong and illegal. Let's just I had set up a website selling phony Law enforcement badges. Someone with bad intentions buys one of them and hurts someone or even worse."

Bottom line is that they embarassed TSA and there was a price to pay for that.

Funny thing is, though, that after all the garbage they went thru with the FBI, that they weren't charged with anything. Gee, guess the law decided that there wasn't anything to charge them with. Guess they didn't break any laws now did they? Bye bye to your illegal argument.

Making a fake boarding pass isn't illegal. Heck, you don't even know if the one I printed out from online check-in is legit or not.

A website selling phony badges? Please. I can go to a toy store and buy phony badges. Even TSA's issuing them.

Boxcutters and small knives are not a threat. I'm even given knives to eat with on the plane. You allow scissors on board that have more of a cutting surface than a box cutter does. The only reason box cutters were banned was because the 9/11 hijackers used them.

"Sometimes, I really wonder if you or (one of the five or six regular posters) really think about what you write on this blog."

I'm beginning to believe that most TSOs don't.

"For the record, they don't deserve medals, those men deserve to be prosecuted and ridiculed by their peers."

Funny thing is, I think that most of the ridicule is coming from the government and not their peers.

What's the first thing you do if someone's telling the truth and you don't want the others to believe them? Discredit them. That's exactly what TSA's tried to do. The fact of the matter is that they exposed that the emperor has no clothes, and that's a good thing.

"And why can't there be? Kippie's asking us to follow the rules and people are asking where those rules are. What's so hard about giving the information all in one place so people don't have to play treasure hunt for it?

You TSO's complain about people not knowing the rules but don't want to make it easy for people to find out."

The answer is that there could be a list of the rules and regulations. From a TSO's perspective I have no idea why there is not one. As far as the TSO's complaining about passenger's not knowing the rules; lets worry about all our officers knowing the rules and how to apply them. People in glass houses...

Anonymous wrote:

"Good performance of your core task would go a long way to solving the issues the public has with TSA."

Quote from TSO Jason: "The answer is that there could be a list of the rules and regulations. From a TSO's perspective I have no idea why there is not one. As far as the TSO's complaining about passenger's not knowing the rules; lets worry about all our officers knowing the rules and how to apply them. People in glass houses...

Anonymous wrote:

"Good performance of your core task would go a long way to solving the issues the public has with TSA."

Here is what is said about insulin:"Insulin in any form or dispenser must be clearly identified."

Then further down in the same webpage it says: "We recommend, but do not require, that your medications be labeled to assist with the screening process."

That is contradictory and leaves me wondering. Also a vial of insulin is 10 ml, well under your 100 ml limit, so if they are in my quart zip-lock, it appears they do not need to be labeled.

Bob, I am trying to make a point. TSA wants us to follow rules, but cannot even clearly tell us what those rules are. The TSA has had ample time to put together a set of rules, but seems too busy making and keeping lists of "suspected" terrorists, that they can't be bothered to draft a simple set of rules that they expect the traveling public to follow and obey to travel by air within the borders of the USA.

Robert Johnson said... Quote from an Anonymous yet Disgruntled TSO: The answer is NO! There is not a single "list" that will show you what you want. You have been given an answer to your question many times; it just is not the answer you want. Your constant refusal to realize this makes you sound like a whiny, spoiled 5 year old who is not getting their way.

You sure are quick to assume that someone who does not agree with you must be a disgruntled TSO. FYI, I am neither. Are only those who share your opinion allowed to state their opinion on this Blog? That would make you a hipocrite, now wouldn't it if you believe this. My brother-in-law works for TSA and it is from him that I know there is not an all inclusive list to be accessed. TSO's and their management have to access a variety of documents to view all the different rules and guidelines and directions on how to look at these have been given by the blog team.

"Recently, the Government Accountability Office (GAO) released a report on TSA’s covert testing program. We’ve written about the report and posted it on our website. Some media and blogs have covered the report and created some misperceptions along the way –headlines like: “TSA Doesn’t Look Into Airport Security Screener Failures don’t help.

The only misperceptions these days involve the TSA's attempts to spin reality. Like the USA Today article, the recent damage to multiple aircaft, the battery pack, and of course nipple gate. Here's a new phrase to learn, "we made a mistake and are taking steps to ensure it does not happen again".

The only misperceptions these days involve the TSA's attempts to spin reality. Like the USA Today article, the recent damage to multiple aircaft, the battery pack, and of course nipple gate. Here's a new phrase to learn, "we made a mistake and are taking steps to ensure it does not happen again".

Their version:

"I made a mistake and endangered people safety or trampled all over their rights, instead of getting fired, they pinned a medal on me and told me that I was their hero".

How about some covert tests to evaluate how the screeners are treating the flying public? If the TSO's knew they were subject to covert testing of their interpersonal skills, they might put a higher level of attention to ordinary civility and common courtesy and a lower level of attention to looking for excuses to start yelling.

Quote from Anonymous: "TSO's and their management have to access a variety of documents to view all the different rules and guidelines and directions on how to look at these have been given by the blog team."

I'm impressed that this blog exists and even more impressed by the extensive commentary here. Several of the comments amount to well written articles by themselves. I'm glad to see so many people debating our security issues.

nobody seems to be able to find any kind of list of permitted or prohibited item. There it is. of course its not all inclusive, but its pretty much common sense (though many things are also up to FSD and/or supervisor discretion) things change daily (and sometimes hourly...seriously!!) for use on the check-point so we do definitely understand your frustrations._____________________and about that testing.....

I've seen the bags,and i know that chill that comes over you when you see an unexpected "threat". your heart starts pounding and you start thinking about your next move...

"The GAO said the TSA did not list reasons for test failures in an agency database. "The agency is not fully using the results of these tests" to close security holes, the GAO said

what there referring to here is just procedure..and when you see a possible life changing threat you might just so something in a different order (they don't like that)

but.. to the TSOs who cant tell a tooth brush from a knife is offensive. We've had the same training and constantly get criticized from everyone around us (passengers, management, and just-in at our airport...big brother)

It would also be some kind of miracle if TSA did something about so many TSOs that do not meet standards (besides reading SOP), and while were at we should up our standards.

"nobody seems to be able to find any kind of list of permitted or prohibited item."

Actually, we've found lots of lists. Unfortunately, they are inconsistent, outdated, and incomplete. Thus they are almost completely useless.

Jennifer continued:

"There it is. of course its not all inclusive,"

Bingo. It does us no good other than to give us an idea of what may or may not have been okay to carry through a checkpoint at some time in the past.

Why is it so hard for TSA to simply provide us with a list of all the rules we're required to follow at its checkpoints? Does TSA want us to know what the rules are or not? Does TSA even have a list of the rules it expects us to follow?

Where has TSA published a list of all the rules and regulations that TSA will subject someone to if that person wishes to cross a U.S. Government checkpoint at an airport en route to the gate from which his domestic flight will depart, not including laws that the person is required to abide by outside of the airport checkpoint (i.e., just those rules and regulations that apply specifically at the checkpoint). Please provide a URL or name of the government publication.

Jennifer, do you think it's odd that your job requires to you enforce rules that those of us who are supposed to follow are not allowed to see? Does subjecting people to arbitrary and secret rules seem like the American way? Would you say that your agency's practice is congruent with the United States Constitution?

Ok hold on a minute, 'covert testing'? It sounds like some kind of military operation on the public. I would rephrase that if I were you :P How about 'customer service review'? That has a nice ring to it, I bet the public would be more supportive of that.

"nobody seems to be able to find any kind of list of permitted or prohibited item."

Actually, we've found lots of lists. Unfortunately, they are inconsistent, outdated, and incomplete. Thus they are almost completely useless.

Jennifer continued:

"There it is. of course its not all inclusive,"

Bingo. It does us no good other than to give us an idea of what may or may not have been okay to carry through a checkpoint at some time in the past.

Why is it so hard for TSA to simply provide us with a list of all the rules we're required to follow at its checkpoints? Does TSA want us to know what the rules are or not? Does TSA even have a list of the rules it expects us to follow?

Where has TSA published a list of all the rules and regulations that TSA will subject someone to if that person wishes to cross a U.S. Government checkpoint at an airport en route to the gate from which his domestic flight will depart, not including laws that the person is required to abide by outside of the airport checkpoint (i.e., just those rules and regulations that apply specifically at the checkpoint). Please provide a URL or name of the government publication.

Jennifer, do you think it's odd that your job requires to you enforce rules that those of us who are supposed to follow are not allowed to see? Does subjecting people to arbitrary and secret rules seem like the American way? Would you say that your agency's practice is congruent with the United States Constitution?

"If there was a straight forward, black and white list of prohibs, don't you think terrorists could use that to their benefit?"

Only if they benefit from following the rules that TSA requires everyone to comply with when they are crossing through a U.S. Government checkpoint in an airport.

If terrorists benefit from not carrying through a checkpoint the things TSA bars them from carrying through the checkpoint, great! Let them benefit. I want them to follow TSA's rules. These rules exist to keep flights safe, right?

Why keep us all guessing? If there are special rules with which we must comply at the airport checkpoints, then tell us what they are so we can comply with them.

Where has TSA published a list of all the rules and regulations that TSA will subject someone to if that person wishes to cross a U.S. Government checkpoint at an airport en route to the gate from which his domestic flight will depart, not including laws that the person is required to abide by outside of the airport checkpoint (i.e., just those rules and regulations that apply specifically at the checkpoint). Please provide a URL or name of the government publication.